Abstract
Most organizations that are connected to the Internet employ some kind of firewall IS security product to hinder attackers who are seeking to break into their networks. Sometimes, however, these firewall products fail, and the attackers are able to penetrate the unprotected area behind the network's boundary defenses. When an attacker breaches the firewall, it is nearly impossible for the network administrator to determine what occurred, and which systems were compromised. Once entry has been gained through the firewall, an attacker's traces vanish into thin air as system logs are erased and the intruder exploits the break-in throughout the network.